We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Import and map different entitlement types in Active Directory

r-m
New Contributor
New Contributor

Hello,

We are trying to import groups and primary group information from Active Directory.

We had already previously imported the entitlements only for the memberOf type and those entitlements where correctly imported and mapped with the existing accounts.

We then followed the documentation (Active Directory (AD) Connector Guide : Customer Portal (freshdesk.com)) and changed the ENTITLEMENT_ATTRIBUTE to "memberOf, primaryGroupID". However, when we changed the ENTITLEMENT_ATTRIBUTE, a primaryGroupID entitlement type was created and the correct entitlements were imported but no mapping occurs.

Is there any other attribute that should be changed so that we can map the AD accounts with both entitlement types?

Thank you!

9 REPLIES 9

AG
Regular Contributor II
Regular Contributor II

Did you find any solution for this?

rushikeshvartak
All-Star
All-Star

It seems all hardcoded in code . try changing json under endpoints 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi, 

Could you please provide some more detail on your suggestion? What attribute should i change in the endpoint and to what?

Thank you!

Under Endpoint

rushikeshvartak_0-1670611795064.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

We currently have the following configuration for the endpoint:

rm_0-1671022470780.png

This was added according to the connector guide to allow us to add and remove entitlements and is working as expected. It had no impact on the import and mapping of the second entitlement type (Primary Group).

Can you share the groupImportMapping JSON you have used?

Also if I understood your issue after adding primaryGroupID you are able to pull respective entitlements but account association is not happening. Whereas regular entitlements of type memberof still have account association right?

Meaning Issue with account entitlements association is only with primaryGroupID entitlement type correct?

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

r-m
New Contributor
New Contributor

Exactly, only with primaryGroupID

Currently we have the following in  groupImportMapping JSON:

{"importGroupHierarchy":"true",
"performGroupAccountLinking":"true",
"incrementalTimeField":"whenChanged",
"importnestedmembershipoutofscope":"false",
"groupObjectClass":"(objectclass=group)",
"mapping":"memberHash:member_char, entitlement_value:distinguishedName_char, entitlementid:distinguishedName_char, entitlement_glossary:description_char, displayname:name_char, updatedate:whenChanged_date, customproperty1:cn_char, customproperty2:sAMAccountName_char, customproperty3:sAMAccountType_char, customproperty4:groupType_char, customproperty5:objectSid_binary, customproperty6:objectGUID_binary, customproperty7:managedBy_char,customproperty8:whenCreated_date, RECONCILATION_FIELD:customproperty6",
"entitlementOwnerAttribute":"managedBy",
"tableFieldAttribute":"accountID"}

Although i should say the last two attributes (entitlementOwnerAttribute and tableFieldAttribute) change nothing, we've been unable to map entitlement owners for all entitlement types.

Thank you!

You can raise idea for above requirement 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AG
Regular Contributor II
Regular Contributor II

This is the syntax for adding or removing the entitlements. But what is the workaround for importing more than one type of entitlement?